VPN隱藏了什麼？ P.I.A.的評論VPN和使用pfsense和NTOP觀看所有數據

21 comments

1. I think most people have a problem with US based VPN companies because they're required by law to keep logs of traffic, as well as hand it over on demand to the government. Sure, other VPN companies MIGHT work with the US government by keeping logs and handing them over to US officials upon request, but they don't HAVE to. see the difference? if I go with an american company my traffic WILL be logged and WILL be turned over upon demand, and there is no getting around that. If I go with a non-US company, there is at least a chance that they actually don't keep logs. I actually think the NordVPN hack was a good thing as it showed pretty conclusively that they ACTUALLY don't keep logs. let me put it like this, if I had months of direct access to a server through a server management tool, if there were logs to be found, I would have them, but no logs were found on their server. Do I think that they should have gone public with the information immediately after they had fixed the problem? yes. do I accept their explanation of why they waited? yes and no (their explanation makes sense, but the timing makes it questionable). Do I still trust them to protect my data? yes, I do, more so now in fact, since they're the only company that essentially went through an anonymous unplanned third party audit and essentially proved no logs of user data existed (or at least they only exist on some kind of central server, I've still got my tinfoil hat on, but its at least evidence in their favor). could PIA claim the same? no, they couldn't even begin to, because they're required to keep logs by US law.

2. You said you don't know why it's connecting to Twitter & Facebook at startup. Are the apps for those two services installed?

3. appreciate your transparency

4. It's of note that while with PIA, your ISP will still know you're using a VPN if they do deep packet inspection, there are ISP's out there offering techniques to hide that you're using it.

   Some use the Chameleon protocol that GoldenFrog/Vypr created that's supposed to not introduce much lag. Some providers install obfsproxy on their servers. AIR VPN (and likely some others) has an option to connect where you're openvpn connection is encapsulated inside SSL so that it looks like nothing more than an HTTPS connection, but this method is significantly slower than regular openvpn.

   That said, I use PIA. You can't be 100% sure that PIA truly doesn't log as they claim, but we know that they have multiple cases where they've responded to subpoenas with statements that they have no logs to provide, unlike some other companies that've claimed they don't log then provided logs to people when requested.

5. Why hide? Everything is Hacked. Really does not matter homies. Don』t pay, just Hack!

6. Maybe those packets were generated before you did activate the VPN so some routing is sending them back to your internal ip? You should handle the VPN outside of windows 10.

7. Don』t buy PIA vpn, it』s terribly slow and blocks Netflix. I have a 250/100 connection and I』m getting about 25/20 while using the PIA VPN

8. You can tone down a little telemetry and cut off updates by joining to Active Directory and creating GPOs with fake WSUS settings; though they will still imply that they want to fall back to Microsoft's C&C servers. They'll make a little network noise because the little trojans won't give up tryin' to contact mama botnet but at least is a tiny FU to Microsoft who will have a little less data to "improve" their products -as if- and make bigger profits-ehm-help the world, sorry. All Microsoft products I manage are severely limited, on IPv4-only subnets, with ports open as needed and per host and even then, they're proxied and georestricted. I might not be catching all, but I sure won't stop trying. Anyways is not a word!

9. If I setup "alternative" DNS servers on the router will Windows 10 with its default settings leak anything to any other DNS servers?

10. What about tunnel bear, nord vpn and express vpn?

11. Hat tip for the IT Crowd reference in the diagram 🙂

12. I have been using IPVanish and CloudFlare』s DNS; 1.1.1.1. Like PIA, IPVanish is also based in the USA. But if what they say is true, about the no logs policy, then you shouldn't worth about anything.

13. Thank you for doing this!

14. Have you tried SoftEther? In my experience, it is WAY faster than OpenVPN.

15. Super interesting video!! Amazing to watch all those scary things reaching out after windows bootup. The three thumbs down are MS, Google, and Facebook.

16. I love your internet box! Did you know if you type Google, into Google, that you break the internet? 🙂

17. Seems to me like your router, fixed or portable, needs to firewall those telemetry destinations. If Microsoft won't honor your explicit privacy configurations, you have every right to blackhole them.

18. What software is that he's using to diagram?

19. This site will show you your internet-exposed IP (while using a VPN or not), but also helpfully tells you if WebRTC requests are being leaked (meaning that in spite of using a VPN your ISP-assigned address is still being leaked) – https://ip.voidsec.com/

20. Is there any way to get pfsense working over Tor
    And what IP addresses do I need to block in pfsense to get Windows 10 to stop calling home

21. One way to stop some telemetry is to use something like Spybot Anti-Beacon. Its a compact program that adds a lot of the Microsoft telemetry sites into the host file and points them at a 0.0.0.0 address. You can do it manually, but it also offers to refresh the hosts file on boot in case Microsoft updates alters it.

    Maybe something worth a test to see how much of the telemetry data it gets?

Comments are closed.